Cybersecurity is a shared responsibility. Stop. Think. Connect.

Darknet

When we think of cybersecurity attacks, we conjure up images of all the bad actors trying to break into our systems and steal our data. However, what is often overlooked is that one of the biggest threats to our organizations is already lurking inside.

Evidence suggests that the majority of data breaches and leaks occur because employees are negligent or unaware of the standard security practices they should be following, and/or do not fully comprehend how policy violations can affect the organization's bottom line.

Often, this lack of awareness leads employees to not take security seriously, and sometimes to disregard it altogether in the name of ease of use, performance, or convenience, which can ultimately allow ransomware, RATs and other dangerous malware to infect your systems.

A case in point is the data breach at Target. The evidence suggests that an employee at one of Target's HVAC vendors opened a phishing email carrying malware and, due to a lack of internal controls, the malware was able to spread throughout Target. Security was not a priority: employees used default passwords and kept login credentials stored on unprotected servers where they were easily accessible.

Then there are the malicious insiders, who pose the greatest threat, in part because it is incredibly easy for employees with access to the organization's network to misappropriate data, exfiltrate it, or destroy or alter it.

More often than not they are able to use legitimate credentials and permissions to access the data, and consequently evade detection.

56% of security professionals say insider threats have become more frequent in the last 12 months.

Inadvertent data breaches top the list at 71%, with negligent (68%) and malicious (61%) data breaches coming in a close second and third.

Privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations (60%), followed by contractors and consultants (57%) and regular employees (51%).

More than 75% of organizations estimate that insider breach remediation costs could reach $500,000, while 25% believe the cost exceeds $500,000 and can run into the millions.

Well-known malicious insider security breaches

Dejan Karabasevic was an employee of American Superconductor (AMSC). Karabasevic stole intellectual property, which he then sold to Sinovel, a Chinese competitor. AMSC filed for bankruptcy, forcing the company to lay off more than 450 employees.

Edward Snowden is a former NSA subcontractor who leaked thousands of top-secret documents about NSA surveillance activities.

Bradley Manning disclosed US Army documents to WikiLeaks and was convicted of violations of the Espionage Act.

The psychology behind malicious insider threats can be perplexing to organizations, as the individuals' motives or actions cannot always be easily identified. The primary drivers of malicious insider behavior often combine a lack of conscience, distrust or empathy with organic stressors such as financial trouble and job disillusionment, resulting in disgruntled employees who steal data, leak it online or corrupt it as payback for a perceived injustice. Then there is espionage, which is a very real thing, where data is sold to the highest bidder. Finally, there are the most trustworthy employees, who can and do fall victim to blackmail and/or bribery. In a previous blog last week, I wrote about a blatant security violation: What Is Really At Stake With The People Part Of The Cyber Equation?

The demand for sensitive data, i.e., credit card, personally identifiable and/or proprietary information, is snowballing on the 'DarkNet,' and cyber criminals stand to haul in huge financial paydays if they can collect that data. Moreover, evidence suggests that cyber criminals have begun collecting this valuable data by recruiting employees and turning them into malicious insider threats. According to new research from IBM, the health care sector suffered malicious insider attacks at a rate far higher than other industries.

All staff need to be held accountable for their actions because anyone can become corruptible. However, several groups require additional security, including

Former employees. If accounts are not disabled, ex-employees can take data with them. Worse, they often can still access your data after termination, either via logic bombs, Trojans and trap doors, or simply by retaining their access because no audit controls were in place to disable it.

Privileged users. The most trusted users in a company are privileged users, and they have the greatest opportunities to misuse your data.

Third parties. Subcontractors, vendors, consultants and partners who have access to your systems should be treated as a risk to your security.

Insider threats are hard to remediate if the proper controls are not in place. The longer it takes an organization to detect a breach, the more remediation costs go up. Without the proper controls in place, it can be difficult to distinguish harmful actions from regular work.

There are differences between 'regular users' and 'insider threats.' Be aware of the indicators (this is not a complete list, but it is a good start)

Repeated violations of the organization's security policies.

Failed access attempts after hours to unauthorized areas.

Failure to report bankruptcies or travel outside the country on your SF86 or U4.

An unusual amount of communication with competitors using social media.

A high number of files transferred from an endpoint to removable media.

A high amount of data emailed to a personal email account or file hosting site.

An unusual amount of browsing of watch-list websites, with little regard for policy.

IT administrator(s) performing excessive file deletions.

Password harvesting or unauthorized access to co-workers' computers.

Encrypting files and renaming file extensions.

Password-protecting Zip files.

An increase in trouble tickets for computers.

Real-time alerts enable organizations to defend themselves against insider threats, including

Host-based agents to log activity on desktops, laptops and the use of removable media.
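As an added illustration (not part of the original post), a small Python script that turns several of the indicators listed above and the host-based agent logging just mentioned into threshold alerts. The agent log format, the users, the events and the thresholds are all constructed assumptions; a real deployment would tune them per site.

```python
from collections import Counter
from datetime import datetime

# Per-indicator thresholds (assumed tuning values, not from the original post).
LIMITS = {"after_hours_failed_access": 3,        # failed attempts on unauthorised shares
          "removable_media_files": 50,           # files copied to removable media
          "personal_email_bytes": 25_000_000,    # bytes mailed to a personal account
          "admin_file_deletions": 20}            # deletions performed by an administrator
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}

# Constructed sample output of a hypothetical host-based agent (not real logs):
# an ISO timestamp followed by key=value pairs.
SAMPLE_LOG = "\n".join(
    ["2017-03-02T02:14:55 user=jdoe role=staff event=access_denied target=finance_share",
     "2017-03-02T02:15:10 user=jdoe role=staff event=access_denied target=finance_share",
     "2017-03-02T02:16:02 user=jdoe role=staff event=access_denied target=hr_share",
     "2017-03-02T09:30:00 user=asmith role=staff event=access_denied target=finance_share",
     "2017-03-02T11:00:00 user=bkim role=staff event=email_send to=bkim99@gmail.com bytes=52000000",
     "2017-03-02T11:05:00 user=asmith role=staff event=email_send to=cfo@corp.example bytes=90000000"]
    + [f"2017-03-02T10:{i:02d}:00 user=bkim role=staff event=file_copy dest=removable_media"
       for i in range(55)]
    + [f"2017-03-02T23:{i:02d}:00 user=root role=admin event=file_delete path=/srv/data/f{i}"
       for i in range(25)])

def parse_event(line):
    """Split one agent line into a dict; the leading timestamp becomes 'ts'."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def is_after_hours(ts, start=19, end=7):
    """True between 19:00 and 07:00 (assumed business hours, tune per site)."""
    return ts.hour >= start or ts.hour < end

def detect_indicators(log_text):
    """Tally each indicator per user; return (user, indicator, count) rows over threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_event(line)
        user, kind = e["user"], e["event"]
        if kind == "access_denied" and is_after_hours(e["ts"]):
            counts[(user, "after_hours_failed_access")] += 1
        elif kind == "file_copy" and e.get("dest") == "removable_media":
            counts[(user, "removable_media_files")] += 1
        elif kind == "email_send" and e["to"].split("@")[1] in PERSONAL_DOMAINS:
            counts[(user, "personal_email_bytes")] += int(e["bytes"])
        elif kind == "file_delete" and e.get("role") == "admin":
            counts[(user, "admin_file_deletions")] += 1
    return sorted((u, ind, n) for (u, ind), n in counts.items() if n >= LIMITS[ind])
```

On the sample, the daytime failed access by asmith and the large mail to a corporate address produce no alert, while jdoe's after-hours attempts, bkim's removable-media copies and personal-email volume, and root's mass deletions each cross a threshold.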

Business organizations with effective security controls will be better able to mitigate suspicious employee behaviors and ultimately minimize the risk and impact of the theft of sensitive information and malicious insider disruption.


Cybercrime is a thriving high-reward, low-risk business model, and it can be summed up easily with just $.

In the past, there were various obstacles to overcome in order to get into the cybercriminal game. The 'original cybercriminals' ran centralized operations that owned the servers and built malicious software (malware) from scratch.

This business model proved to be incredibly expensive and exceedingly time-consuming to operate; in order to make a substantial profit, large organizations were the only option.

However, like other ecosystems, the cybercriminal ecosystem continues to evolve. Today, it is a distributed system where anyone with an agenda can simply rent, lease or purchase 'as a Service' offerings and 'cash in' on their crimes.

The distributed system requires less effort because the criminals take advantage of current 'trends', including the 'human factor' (one in three individuals within an organization, regardless of training, will click on a phisher's email) and the 'low-hanging fruit' (persons or organizations that, despite all the warnings, accept the risks of sub-par security and are found easily by an exploit kit). Rather than deploying sophisticated and expensive zero-day attacks, any endpoint now becomes a potential source of revenue.

'As a Service' offerings are a flourishing business model run on the black markets found on the DarkNet, such as the TOR network. TOR is a technological revolution in the facilitation of cybercrime because of the anonymity under which groups are able to operate.

Cybercriminals commit crimes directly against individuals, organizations, or governments through means such as malware attacks.

Direct methods are those where resources are taken directly from the victim, including

The introduction of the cloud computing 'as a Service' paradigm has brought abundant advantages to the information technology industry, but also greater opportunities for cybercriminals.

Cybercriminals no longer need to rely on their own skills and assets to carry out exploits.

Several of these services include

Infrastructure as a Service (IaaS) provides the rental of servers and storage devices.

Software as a Service (SaaS) provides the infrastructure enabling the dynamic production of applications.

Data as a Service (DaaS): data is stored in the cloud and is accessible by a range of systems and devices.

Platform as a Service (PaaS) allows users to develop, run and manage applications without the complexity of building and maintaining the expensive infrastructure and space required to develop and launch them.

Cybercriminals have taken full advantage of these services: they eliminate the need to maintain their own infrastructure, and they enable better operational security (OpSec), adding a layer of obfuscation between the cybercriminals and the organizations hunting them while they efficiently create and distribute their malware attacks.

Another fuel for 'as a Service' is the rise and popularity of cryptocurrencies. Cryptocurrency is digital money that uses a decentralized, peer-to-peer (P2P) payment network, making criminal activity harder to discover.

The most utilized form of cryptocurrency is Bitcoin.

Bitcoin is used globally by legitimate organizations but is better known for its criminal exploits.

The topic of Bitcoin would not be complete without addressing the process of tumbling. Tumbling essentially adds an additional layer of anonymity to block attempts to track and uncover Bitcoin transactions. There are multiple ways to tumble Bitcoins, including

Multiple wallets. Cybercriminals create a wallet via TOR and add Bitcoins to it. A second wallet is created, again using TOR, and the funds are moved into it. Last but not least, a third wallet is created and the funds are moved again, confusing the trail of transactions between the three wallets and making attribution almost impossible.

Third-party services. DarkNet organizations offer services to launder Bitcoins that add a 'proprietary obfuscation technology' which breaks the link to the source of the funds and prevents blockchain analysis from tracking the transactions.

The DarkNet is an encrypted network built on top of the DarkWeb. Two typical DarkNet types are P2P networks used for file sharing and networks such as TOR used for anonymity.

TOR, short for 'The Onion Router,' provides anonymity to its users by bouncing their communications around a distributed network of relays worldwide. TOR prevents tracking of which sites are visited, prevents the sites visited from learning the user's physical location, and allows access to .onion sites ranging from legal to absolutely illegal. TOR can be used on Windows, Mac OS X or Linux without any additional software.

As with all things as a Service, where there is a need, service providers seem willing to satisfy it. Moreover, as long as the return on investment (ROI) remains high, the expectation for continued investment into even more resources in order to unleash greater numbers of cybercrimes on the broadest possible range of targets will continue. Buckle up your seatbelt.

Prevention Guidelines

Use strong passwords - eight characters, including upper and lower case letters, numbers and special characters (e.g. !@#$%^&*).

Adding just one capital letter and one special character changes the brute-force processing time for an 8-character password from 2.4 days to 2.10 centuries. Think about that!

Never write your password on a sticky note for an intruder to find.

Group the sites you visit into categories, i.e. business, personal, sensitive, and use a different password for each category.

Activate your firewall - it is the first line of defense.

Use your Anti’s

Anti-Virus

Anti-Malware

Anti-Spyware

Secure your mobile devices - they are just as vulnerable as your computer.
